How to determine whether DEP is ON in the system?

Published 2024-11-29 15:35:05


Delphi XE; XP, Vista, Win7, WSrv2008R2;

0. Is DEP (Data Execution Prevention) supported by the CPU?

Function isCpuDEP: bool;
begin
  Result := ... // ???
end;

1. How to determine whether DEP is ON in the system?

Function isEnableDEP: bool; // Win XP compatible
begin
  Result := false; if isCpuDEP = false then exit;
  Result := ... // ???
end;

2. How to determine whether DEP is enabled, and also enabled for ALL programs and services?

Function isEnableDEPForAllProgram: bool;
begin
  Result := false; if isEnableDEP = false then exit;
  Result := ... // ???
end;

3. How to get the DEP program list?

Function GetDEPProgramList: TStringList;
begin
  Result := nil; if isEnableDEPForAllProgram = false then exit;
  Result := TStringList.Create;
  Result := ... // ???
end;


若相惜即相离 2024-12-06 15:35:05


The code below uses GetProcessDEPPolicy for point (1):

type
  // Loaded dynamically: GetProcessDEPPolicy only exists on XP SP3, Vista SP1 and later.
  TGetProcessDEPPolicy =
      function(Process: THandle; out Flags: DWORD; out Permanent: Bool): Bool; stdcall;
const
  PROCESS_DEP_ENABLE = $00000001;
  PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION = $00000002;

procedure TForm1.Button1Click(Sender: TObject);
var
  GetProcessDEPPolicy: TGetProcessDEPPolicy;
  DEPFlags: DWORD;
  IsPermanent: Bool;  // True when DEP can no longer be turned off for this process
begin
  @GetProcessDEPPolicy :=
      GetProcAddress(GetModuleHandle(kernel32), 'GetProcessDEPPolicy');
  if Assigned(GetProcessDEPPolicy) then begin
    // Queries the current process; any handle with PROCESS_QUERY_INFORMATION works.
    if GetProcessDEPPolicy(GetCurrentProcess, DEPFlags, IsPermanent) then begin

      if (DEPFlags and PROCESS_DEP_ENABLE) = PROCESS_DEP_ENABLE then
        ShowMessage('DEP enabled')
      else
        ShowMessage('DEP disabled');

    end else
      raise EOSError.Create(SysErrorMessage(GetLastError));
  end else
    raise EOSError.Create('Unsupported OS');
end;

For point (2), you can use GetSystemDEPPolicy in a similar fashion.

For point (3), you can enumerate processes and find out the ones running with DEP.
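Following this answer's hints for points (2) and (3), here is an added example (not the answer's own code) that loads GetSystemDEPPolicy and GetProcessDEPPolicy from kernel32 and fills in the question's isEnableDEPForAllProgram and GetDEPProgramList stubs. It assumes a 32-bit Delphi XE console build on XP SP3 / Vista SP1 or later, where both APIs exist; process names and IDs come from a Toolhelp snapshot.

```pascal
{$APPTYPE CONSOLE}
uses Windows, SysUtils, Classes, TlHelp32;
type
  // GetSystemDEPPolicy returns DEP_SYSTEM_POLICY_TYPE: 0 AlwaysOff, 1 AlwaysOn, 2 OptIn, 3 OptOut
  TGetSystemDEPPolicy  = function: DWORD; stdcall;
  TGetProcessDEPPolicy = function(Process: THandle; out Flags: DWORD; out Permanent: BOOL): BOOL; stdcall;
const PROCESS_DEP_ENABLE = $00000001;
var
  GetSystemDEPPolicy: TGetSystemDEPPolicy; GetProcessDEPPolicy: TGetProcessDEPPolicy;
  List: TStringList;
// Point (2): only AlwaysOn (1) and OptOut (3, every program except the exception list) cover
// all programs; OptIn (2) protects just Windows binaries and programs that opted in.
function isEnableDEPForAllProgram: Boolean;
begin
  Result := Assigned(GetSystemDEPPolicy) and ((GetSystemDEPPolicy() = 1) or (GetSystemDEPPolicy() = 3));
end;
// Point (3): one entry per process, "pid exe DEP=on|off|?"; nil if the API is missing.
function GetDEPProgramList: TStringList;
var
  Snap, Proc: THandle; Flags: DWORD; Permanent: BOOL;
  Entry: TProcessEntry32; State: string;
begin
  Result := nil; if not Assigned(GetProcessDEPPolicy) then Exit;
  Snap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Snap = INVALID_HANDLE_VALUE then RaiseLastOSError;
  Result := TStringList.Create;
  try
    Entry.dwSize := SizeOf(Entry);
    if Process32First(Snap, Entry) then
      repeat
        Proc := OpenProcess(PROCESS_QUERY_INFORMATION, False, Entry.th32ProcessID);
        if Proc = 0 then Continue;  // protected/system process refused the query right: skip it
        // GetProcessDEPPolicy fails e.g. for 64-bit processes (always DEP-enabled): report '?'
        if not GetProcessDEPPolicy(Proc, Flags, Permanent) then State := '?'
        else if (Flags and PROCESS_DEP_ENABLE) <> 0 then State := 'on'
        else State := 'off';
        CloseHandle(Proc);
        Result.Add(Format('%d %s DEP=%s', [Entry.th32ProcessID, PChar(@Entry.szExeFile), State]));
      until not Process32Next(Snap, Entry);
  finally
    CloseHandle(Snap);
  end;
end;
begin
  @GetSystemDEPPolicy  := GetProcAddress(GetModuleHandle(kernel32), 'GetSystemDEPPolicy');
  @GetProcessDEPPolicy := GetProcAddress(GetModuleHandle(kernel32), 'GetProcessDEPPolicy');
  Writeln('DEP on for all programs: ', BoolToStr(isEnableDEPForAllProgram, True));
  List := GetDEPProgramList;
  if List <> nil then try Writeln(List.Text) finally List.Free end;
end.
```

Run it elevated to see more than your own processes; entries marked '?' are the ones the per-process query could not answer.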

橪书 2024-12-06 15:35:05


The Win32_OperatingSystem WMI class has 4 properties which report the status of DEP:

  • DataExecutionPrevention_Available
  • DataExecutionPrevention_32BitApplications
  • DataExecutionPrevention_Drivers
  • DataExecutionPrevention_SupportPolicy

Read the MSDN documentation about these properties to see the description.

Check this sample application:

{$APPTYPE CONSOLE}

uses
  SysUtils,
  ActiveX,
  ComObj,
  Variants;


function DEPStatus(Status : integer) : string;
begin
  case Status of
   0 : Result:='Always Off';
   1 : Result:='DEP is turned off for all 32-bit applications on the computer with no exceptions. This setting is not available for the user interface.';
   2 : Result:='DEP is enabled for all 32-bit applications on the computer. This setting is not available for the user interface.';
   3 : Result:='DEP is enabled by default for all 32-bit applications. A user or administrator can explicitly remove support for a 32-bit application by adding the application to an exceptions list.';
   else
       Result:='unknown';
  end;
end;


procedure  GetDEPStatusInfo;
const
  WbemUser            ='';
  WbemPassword        ='';
  WbemComputer        ='localhost';
  wbemFlagForwardOnly = $00000020;
var
  FSWbemLocator : OLEVariant;
  FWMIService   : OLEVariant;
  FWbemObjectSet: OLEVariant;
  FWbemObject   : OLEVariant;
  oEnum         : IEnumvariant;
  iValue        : LongWord;
begin
  FSWbemLocator := CreateOleObject('WbemScripting.SWbemLocator');
  FWMIService   := FSWbemLocator.ConnectServer(WbemComputer, 'root\CIMV2', WbemUser, WbemPassword);
  FWbemObjectSet:= FWMIService.ExecQuery('SELECT * FROM Win32_OperatingSystem','WQL',wbemFlagForwardOnly);
  oEnum         := IUnknown(FWbemObjectSet._NewEnum) as IEnumVariant;
  if oEnum.Next(1, FWbemObject, iValue) = 0 then
  begin
    Writeln(Format('DataExecutionPrevention_32BitApplications    %s',[FWbemObject.DataExecutionPrevention_32BitApplications]));// Boolean
    Writeln(Format('DataExecutionPrevention_Available            %s',[FWbemObject.DataExecutionPrevention_Available]));// Boolean
    Writeln(Format('DataExecutionPrevention_Drivers              %s',[FWbemObject.DataExecutionPrevention_Drivers]));// Boolean
    Writeln(Format('DataExecutionPrevention_SupportPolicy        %s',[FWbemObject.DataExecutionPrevention_SupportPolicy]));// Uint8
    Writeln(DEPStatus(FWbemObject.DataExecutionPrevention_SupportPolicy));
  end;
end;


begin
 try
    CoInitialize(nil);
    try
      GetDEPStatusInfo;
    finally
      CoUninitialize;
    end;
 except
    on E:EOleException do
        Writeln(Format('EOleException %s %x', [E.Message,E.ErrorCode]));
    on E:Exception do
        Writeln(E.Classname, ':', E.Message);
 end;
 Writeln('Press Enter to exit');
 Readln;
end.

飞烟轻若梦 2024-12-06 15:35:05


Here is a simple but unorthodox method of checking for DEP, but it works only for the current program:

function IsDepOn: Boolean;
var
  shellcode: array[0..1] of Byte;  // two bytes of machine code placed on the stack
begin
  shellcode[0] := $90;  // NOP
  shellcode[1] := $C3;  // RET
  try
    // 32-bit inline asm: call into the stack buffer. With DEP on, the stack is
    // non-executable and the call raises an access violation instead of returning.
    asm
      lea eax, shellcode
      call eax
    end;
    Result := False;  // the bytes executed and returned: DEP is off for this process
  except
    Result := True;   // access violation caught: DEP is on
  end;
end;